Preparing for the Worst: the Essential Guide to Disaster Readiness
A category-5 hurricane will hit your city in 3 days. Are you sure your company is prepared?
Unfortunately, most disasters don’t come with warnings like this. Earthquakes, ransomware attacks, accidentally deleted data, utility outages: such disruptions happen without notice and can be just as devastating on your operations as a hurricane.
To ensure your business can survive the worst, you need be prepared, well in advance. In this guide, we show you how.
Disaster Readiness: Have a Disaster Recovery Plan
Every business must have a disaster recovery plan. 90% of companies without one will fail to reopen after being hit by a disaster, according to recent statistics.
Also called a business continuity plan, a disaster recovery plan is a fundamental document outlining your entire strategy for disaster prevention and recovery, including:
- Impact & costs of disaster scenarios
- Recovery and response
Why make a plan? Because preparing for disaster shouldn’t be guesswork!
All recovery planning needs to be documented, so that everyone is on the same page about potential risks, as well as preventative measures that are already in place and protocols to follow when disaster strikes. If you’re not sure where to start, try this Disaster Recovery Planning Template.
Predict the ‘Unthinkable’
We’re going to let you in on a little secret …
Few disasters are “unthinkable.” Sure, a disaster may happen unexpectedly, or at an inopportune time. But it’s rarely an unforeseen possibility. Every business has unique risks for disaster, and a crucial part of disaster recovery planning is figuring out what those risks are.
- Are you located along the coast? Vulnerable to hurricanes?
- What could wipe out your data? Hardware failure? Cyberattack?
- How about heavy wind? Flooding? Tornados? Earthquakes?
- What if there was a transportation stoppage? Would it prevent your workforce from getting to work?
- How likely is a terrorist attack? Theft? Massive vandalism?
The point is: you need to be ready for anything and everything.
Your risks are unique to your business, your location and your operations. Conduct a thorough disaster risk assessment to determine all possible threats and the likelihood of each one occurring.
Keep your people safe
Too often, discussions about disaster planning focus too narrowly on protecting technologies and operations. Yes, those are certainly key to the company’s survival—but so are your employees!
Natural disasters, like hurricanes, tornadoes and floods, can be extremely dangerous for people. And without the right planning in place, the company could actually be increasing their risk of harm.
Let’s use the hurricane example again. Imagine a major storm is on its way …
- Do your protocols make it clear what employees should do?
- Should they be evacuating the city, or are some staff expected to stay?
- Do they know where to seek shelter?
- What if critical staff are caught in the storm? What if they’re injured?
- Are any first-aid supplies available on-site?
- What happens if staff lose their homes?
All of these questions should be answered in your disaster recovery plan, so that people are always prepared. And in the case of an impending hurricane, this information should be reiterated to staff, so that there is no confusion.
How will everyone communicate?
Power is out across the city. Phone lines are down. Internet is out at the office. So, how will teams stay in touch? How will they know the status of the company, what to do and whether to return to work?
Communication is key to the survival of a company after a disaster. Without it, recovery is virtually impossible. Here are some things you may need to ensure that teams can get the information they need to restore operations:
- Emergency contact information: Collect all possible contact details for every employee (and especially your disaster recovery team members), for use when traditional methods are unavailable. This can include mobile phone numbers, backup email addresses, home phone numbers, etc.
- Communications portal: Consider using some form of extranet, website or call-in phone lines where employees can get key updates during outages. During a natural disaster, for example, employees should be instructed to use these portals for status updates and instructions.
- Calling trees: They work for your child’s soccer team, and they work for businesses too. A calling tree identifies who should call whom in an emergency to ensure everyone is accounted for and that key information is being passed along. While it may not be efficient to use a calling tree for the entire organization, it can be a crucial tool for ensuring communicating between stakeholders, managers and recovery teams.
- Backup devices: Having backup equipment for select business-critical personnel is not a bad idea. This could include secondary mobile phones, laptops or other equipment that can be accessed easily when their primary communications tools are unavailable.
Know when recovery is “too late”
Remember when Cinderella had to return before midnight, because her dress would turn to rags? Planning for disaster recovery is kind of like that.
Every business needs to set a goal for recovery. This is called your recovery time objective (RTO). And it pretty much dictates the urgency of your entire continuity planning.
For some businesses, RTO can be thought of as a “point of no return.” After a certain amount of time following a disaster, recovery becomes far more costly and difficult to achieve. Setting an RTO ensures that your protocols and technologies are built to meet this goal.
Keep in mind, various disasters will affect your business differently. This is why companies often set RTOs for specific systems and scenarios, for example:
- Data loss
- Network outages
- Power / utility outages
- Production / manufacturing stoppages
- Website or application downtime
A hospital, for example, is in big trouble if it loses data for even just an hour. But a local hardware store can probably go without power for several days. RTO is different for every business, every situation.
Check out our RTO disaster recovery guide for best practices on setting your recovery objectives.
Protect your IT infrastructure
After a natural disaster, your building may still be standing, but your technology could be toast. This is why it’s critical to have contingency plans for IT infrastructure. Without access to data or other critical systems, most businesses today would be unable to fully restore operations.
While every business is different, here are a few systems you probably need for prevention and/or recovery:
- Cybersecurity defense: From network firewalls to antimalware solutions, these defenses are essential for stopping a wide range of cyber-threats.
- Off-site data backups: If your server room is flooded, you’ll want to be able to recover data from the cloud or off-site servers. Additionally, consider data backup solutions that allow instant virtualization, so that data can be accessed even faster during the recovery, thus minimizing downtime.
- Internet failover: Enterprise businesses who depend on uninterrupted connectivity might invest in redundant telecommunications lines, but another option for small to medium-sized businesses is wireless Internet failover. The Datto Network Appliance, for example, has 4G LTE Internet failover so that teams can stay connected when the primary connection is down.
- Flooding, fire and smoke detection: The earlier you can detect a threat to your infrastructure, the better your chances of saving it. Be sure your server rooms use advanced systems for smoke and fire detection, as well as fire suppression. Flood sensors can also be used to detect the presence of water and moisture.
- Backup generators: After a natural disaster, electric service could be out for days or even weeks. Consider deploying a backup generator to keep your business-critical servers and other equipment running when the power is out.
Paper documents need shelter, too
Admit it: your company still has a mountain of important paper records. We all do!
But since these documents are easily destroyed in a natural disaster, you need to keep them safe. Don’t simply keep them in boxes in the basement. Create backup copies of the most important files, or store them in safe locations off-site. Additionally, you should have a plan for how you’ll recover your most important documents should they be destroyed.
Make recovery instructions clear
There’s an inch of water in the server room. One server is already a goner. Others may be next. What do you do?
Above, we’ve stressed the importance of assessing your risks, maintaining communication and protecting IT infrastructure. But when disaster actually strikes, what are the proper procedures for recovery?
These protocols need to be clearly laid out in your disaster recovery plan. For example:
- Who’s in charge of data recovery?
- What is the first step after a suspected ransomware attack?
- How will the infection be stopped from spreading across the network?
- Should someone be calling the authorities?
- How should steps be prioritized?
These are just a few examples – see more in our checklist. The key here is that your recovery teams must know what to do. If there is any confusion or guesswork during these crucial moments after a disaster, recovering will only take longer and be far more difficult.
Get more information
For more information on today’s best solutions for business continuity, disaster recovery and data backup, contact our experts at Invenio IT. Request a free demo, call (646) 395-1170 or email [email protected].